Configuration of my private server infrastructure, completely managed by Ansible and Linux containers.
The whole infrastructure has several purposes:
- central data storage with redundancy and change history
- automated backup solution for servers and clients
- protection of private data
- multiple services accessible only in the local LAN or through the public internet
The infrastructure consists of multiple hosts, one of which is responsible for providing access to internal services through the internet. The following diagram gives an overview of the relevant hosts and some data flows.
The following services are available:
- local file access: samba
- SSH access hardened by following:
- RAID1 and change history: btrfs and btrbk
- automatic server and client backups: rsync, rsync-daemon and QtdSync
- disk monitoring: smartctl
- download manager: jdownloader
- torrent manager: transmission
- domain management: cloudflare
- dyn-dns updater: ddclient
- static web-server and reverse-proxy: caddy2
- local DNS and request filter: AdGuard Home
- static markdown wiki: mdwiki
- password manager: bitwarden with free backend: vaultwarden
- multi-room audio system: lyrion music server
- media server: jellyfin
- media request management: jellyseerr
- low-latency voice chat: mumble
- home automation: homeassistant with mosquitto MQTT
You can deploy this whole setup to either real hosts or a development environment.
In any case, you need to be able to use all encrypted fields in passwords.yml.
If you have the corresponding vault password, create the password file infra_pw in the root folder of this repo.
Otherwise, you can simply replace all those fields with unencrypted values for testing.
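For the testing route, a small helper can swap every inline vault-encrypted field for a plain placeholder. This is an added example, not code from this repository; it assumes passwords.yml uses Ansible's inline `!vault |` block format, and the key names and values in the sample are constructed.

```python
import re

# Matches a key whose value is an inline ansible-vault block scalar, e.g.
#   samba_password: !vault |
VAULT_KEY = re.compile(r"^(?P<indent>\s*)(?P<key>[\w.-]+):\s*!vault\s*\|[-+]?\s*$")

# Constructed sample; NOT the repository's real passwords.yml.
SAMPLE = """\
samba_user: alice
samba_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          62313365396662343061393464336163
          3938

vaultwarden:
  admin_token: !vault |
    $ANSIBLE_VAULT;1.1;AES256
    66386439653236336462626566653063
  domain: vault.example.internal
"""


def strip_vault_fields(text, placeholder="test-{key}"):
    """Return (new_text, replaced_keys) with each inline vault block replaced."""
    lines, out, replaced = text.splitlines(), [], []
    i = 0
    while i < len(lines):
        m = VAULT_KEY.match(lines[i])
        if not m:
            out.append(lines[i])
            i += 1
            continue
        indent, key = m.group("indent"), m.group("key")
        i += 1
        start = i
        # The ciphertext is a YAML block scalar: blank lines and lines
        # indented deeper than the key belong to it.
        while i < len(lines) and (
            not lines[i].strip()
            or len(lines[i]) - len(lines[i].lstrip()) > len(indent)
        ):
            i += 1
        # Hand back trailing blank lines so entry spacing is preserved.
        while i > start and not lines[i - 1].strip():
            i -= 1
        out.append(f'{indent}{key}: "{placeholder.format(key=key)}"')
        replaced.append(key)
    return "\n".join(out) + "\n", replaced


if __name__ == "__main__":
    new_text, keys = strip_vault_fields(SAMPLE)
    print(new_text, "replaced:", keys)
```

Run it against a working copy of passwords.yml so the encrypted original stays unchanged in version control.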
See the following step-by-step guides:
- Development by using Vagrant
- Common steps for deployment on Ubuntu Host
- Deployment of main server
- Deployment of backup server
You can also find detailed documentation for individual Ansible roles or system parts under: Documentation
Check out my "prototype" project for this setup: langchr86/mini-nas. It is smaller and therefore easier to understand. It also has extensive explanation and documentation of the core concepts used.